
Hi, I'm a newbie here, not sure if this is the right place to post my question. :)

I need to implement 2-factor authentication for my Windows logon and would like to know if a GINA STUB can fulfill my requirement or whether I need to write the entire GINA DLL. I read there are risks in implementing the whole GINA, so I would like to avoid that.

The flow:

1. Initial Authentication:

The user enters the username and password on the logon screen; the logon credentials are then used to authenticate against a remote authentication server.

--------------------------------------------------------------------------
"Please enter your Username and domain password"

USERNAME: [ ]
PASSWORD: [ ]
--------------------------------------------------------------------------

Alternatively, the credentials can also be used to log on to Windows or AD (as in the usual process), but I should be able to intercept and prevent the user from actually logging in whether or not the credentials have been successfully authenticated. This is because another set of logon credentials (2nd factor) must be submitted before finally allowing access.

2. 2nd Factor:

If the first authentication fails, the user is presented with the failure message returned by the remote authentication server, and the first logon screen is presented again.

On success, an OTP (one-time password) will be sent to the user, and the user is then presented with another logon screen which looks like the following. The user enters the username and OTP.

--------------------------------------------------------------------------
"Please enter the OTP which you have received"

USERNAME: [ ]
OTP: [ ]
--------------------------------------------------------------------------

The logon credentials will then be submitted to the authentication server again. If the OTP is correct, the user will be allowed to log on to the machine for real, and I should be able to log this event.

If OTP authentication fails, the user is presented with the failure message returned by the remote authentication server, and the following logon screen is presented:

--------------------------------------------------------------------------
"Sorry, you have entered the wrong OTP, please enter the OTP again or enter your domain password to generate another OTP"

USERNAME: [ ]
OTP/PASSWORD: [ ]
--------------------------------------------------------------------------

Note: Yes, I know that Windows 2008 and Vista use the new CP method, but I'll need to implement GINA for Windows 2003 Servers. I thought I'd implement CP after that, hopefully reusing as much of the code as possible.

Any suggestions would be much appreciated.
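The three-screen flow above is really a small server-side state machine, and whichever GINA approach is chosen, the part that decides "prompt for OTP", "allow logon" or "back to the password screen" should live on the authentication server, not in the GINA. The following is an added example (not code from the original post) that models that server logic in Python: a password stage, an OTP stage with expiry and a bounded number of attempts, the combined OTP/PASSWORD retry screen, and the audit record the poster wants for successful logons. The `USERS` table, the `AuthServer`/`submit` names and the injectable `clock` are assumptions made for this example; a real server would verify the password against AD and deliver the OTP out of band rather than keeping a plaintext table.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple

# Constructed stand-in for the directory: in a real deployment the password
# would be verified against AD, never stored like this.
USERS = {"alice": "correct horse battery staple"}

OTP_TTL_SECONDS = 300   # a delivered OTP is only honoured for this long
MAX_OTP_ATTEMPTS = 3    # wrong OTPs before the user is sent back to screen 1


class Stage(Enum):
    OTP = "otp"                      # screen 2: username + OTP
    OTP_OR_PASSWORD = "otp_or_pwd"   # screen 3: OTP again, or password for a new OTP


@dataclass
class Session:
    stage: Stage
    otp: str
    otp_expires: float
    otp_failures: int = 0


@dataclass
class AuthServer:
    clock: Callable[[], float] = time.time          # injectable for testing
    sessions: Dict[str, Session] = field(default_factory=dict)
    audit: List[Tuple[str, str]] = field(default_factory=list)

    def _check_password(self, user: str, password: str) -> bool:
        stored = USERS.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def _issue_otp(self, user: str) -> None:
        # The OTP is delivered out of band (SMS, token, ...); it is never
        # returned to the logon screen, so submit() only reports "prompt_otp".
        otp = f"{secrets.randbelow(10 ** 6):06d}"
        self.sessions[user] = Session(Stage.OTP, otp, self.clock() + OTP_TTL_SECONDS)
        self.audit.append(("otp_issued", user))

    def submit(self, user: str, secret: str) -> Tuple[str, Optional[str]]:
        """One round trip from the logon screen: returns (next screen, message)."""
        s = self.sessions.get(user)
        if s is None:  # screen 1: username + domain password
            if self._check_password(user, secret):
                self._issue_otp(user)
                return ("prompt_otp", None)
            self.audit.append(("password_failed", user))
            return ("prompt_password", "Invalid username or password")

        # screens 2 and 3: a live, matching OTP completes the logon
        if self.clock() <= s.otp_expires and hmac.compare_digest(s.otp.encode(), secret.encode()):
            del self.sessions[user]
            self.audit.append(("logon_success", user))
            return ("allow_logon", None)

        # screen 3 only: the same field may carry the domain password to get a new OTP
        if s.stage is Stage.OTP_OR_PASSWORD and self._check_password(user, secret):
            self._issue_otp(user)
            return ("prompt_otp", None)

        s.otp_failures += 1
        self.audit.append(("otp_failed", user))
        if s.otp_failures >= MAX_OTP_ATTEMPTS or self.clock() > s.otp_expires:
            del self.sessions[user]   # expired or exhausted: back to screen 1
            return ("prompt_password", "OTP invalid or expired, please sign in again")
        s.stage = Stage.OTP_OR_PASSWORD
        return ("prompt_otp_or_password",
                "Sorry, you have entered the wrong OTP, please enter the OTP again "
                "or enter your domain password to generate another OTP")
```

Two details matter for the retry screen: the OTP is compared before the password, so a correct OTP always wins, and both comparisons use `hmac.compare_digest`. Because a session is dropped on expiry or after `MAX_OTP_ATTEMPTS` failures, the GINA only ever has to act on the returned screen name; it never needs to know the OTP itself.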
